Earlier this year, Tokio Marine HCC International (TMHCCI) compiled a list of the top 10 cyber incidents of 2024, outlining their disruptiveness and their financial impact. To the surprise of few, the CrowdStrike outage – which impacted some 8.5 million devices globally and led to global losses of approximately US$5.4 billion – was given prominence.
Offering closer insight into the listing, Isaac Guasch, cyber security leader at TMHCCI, noted that the “alarming and continued” increase in supply chain attacks should act as a warning to businesses across all industries. “Their interconnectedness and reliance on shared, cloud-based infrastructure could be leaving them more vulnerable than they think to cyberattacks and data breaches.”
Third-party risk remains a critical concern, Guasch said, with attackers exploiting trusted relationships to gain access to key systems and sensitive data. Businesses need to develop robust, collaborative cybersecurity to safeguard their operations and reduce the risk of such incidents occurring.
“The report also highlighted that non-malicious cyber incidents can be just as damning for businesses,” he said, “demonstrating that even unintentional disruptions, like that of CrowdStrike, can have a far-reaching impact on key services and infrastructure around the world.
“As businesses compete with each other for market share in their respective sectors, it is important that they do not cut corners in the race to innovate. It is a balancing act, but prioritising the development of effective cybersecurity measures to ensure operational resilience is the only way to achieve the sustainable growth in the long term.”
Identifying some of the common themes that emerged during the team’s research, Marc Pujol, cyber security specialist at TMHCCI, said: “On the one hand, the dominance of North America-based cloud and enterprise software solution providers, including AWS, Microsoft Azure and Google, is definitely one of the key themes in 2024, as it entails a potentially high-risk supply chain dependence for a vast number of enterprises worldwide. On the other hand, we increasingly see sector-wide ripple effects due to supply chain attacks, evidenced in our report as many of the listed top incidents affected entire industries (e.g. CDK Global, Change Healthcare).”
Given the significance of the CrowdStrike outage, the question now is whether there will be a corresponding increase in focus on IT outages and non-malicious activity among organisations – and the insurers who support them. Pujol noted that TMHCCI is seeing that many organisations are now revisiting their resilience strategies.
“Companies are enhancing redundancy measures, diversifying the service providers they work with, and implementing failover plans to mitigate IT failure risks,” he said. “For insurers, there is a growing emphasis on systemic risk, ensuring that coverage accounts for non-malicious disruptions, as well as cyberattacks.”
Pujol advised that the first step to addressing cyber risk is to understand that a one-size-fits-all approach does not work. Each business is unique and therefore requires solutions tailored to the issues and challenges they face. “This is critical in the current cyber risk landscape, where attackers are leveraging AI, deepfakes, and automation to scale their attacks faster than businesses are able to adapt.”
There is also a profound shortage of cybersecurity experts in the market, he said, and many organisations lack the in-house expertise to effectively identify and manage cyber risks.
Guasch emphasised the importance of organisations finding the right balance between technological innovation and risk resilience. That balancing act requires the embedding of security into every stage of innovation, he said, which is technically known as “security by design”.
Collaboration between security and IT teams, along with continuous monitoring, can help mitigate risks without compromising innovation, Guasch said. “By offering cyber insurance policies, insurers provide organisations with crucial financial support to recover from the aftermath of cyber incidents.
“This support can cover costs related to data recovery, legal fees, and customer notifications, and insulate a business from financial ruin. Furthermore, insurers often require policyholders to adhere to certain cybersecurity standards as a condition of coverage, thereby incentivising the adoption of better risk management practices.”
In addition to financial support, he said, insurers are uniquely positioned to foster a culture of cyber resilience. They can leverage the vast amounts of data they collect on cyber incidents to inform and drive industry-wide awareness. “By analysing trends in threat intelligence, insurers can identify common vulnerabilities and attack vectors, sharing these insights with clients to help them bolster their defences.”